[toss1]

Fine. Pick your number. Let's be a bit generous:

Ten fully skilled security experts deputized @ 200K/yr. Fifteen assistants at $75K/yr. All personnel grossed up to 140% for fully loaded cost. Hardware, infrastructure, software, hosting services, $200K/yr. Total (((20010)+(7515))*1.4)+200 = $4,575,000/year.

You don't think that such a team could stop $50 million in crime in a year? I'd expect that $500 million would be a slow year and stopping $5billion would be more like it. There is so much of it and such low-hanging fruit...

I know of large corporation divisions where $5 million per quarter was literally their rounding error threshold three decades ago (likely more like $15 million now).

The payoff is so great it is astonishing that some large tech companies don't do it just for the general reputation of the industry. Or the banks for the same reason (e.g., I wont' touch Zelle, both because when I first checked it out it was horribly clunky, my bank wanted $20/month just to use it, and all the persistent scams).

Or, just for lulz. This is rounding-error pocket-change for these corps. If it got going, I could see a rivalry between MS, Oracle, & Alphabet execs for who could dunk the most scam dollars, and jail the most perps...

[kube-system]

> You don't think that such a team could stop $50 million in crime in a year?

By "stop", do you mean "prevent from happening", "successfully prosecute", or "identify the perpetrators"?

My answers, respectively, are "no", "maybe, depending on the sample set", and "yes".

[toss1]

Hmm, why do you think they couldn't prevent $50mm? I'd expect that to be the easiest number to to maximize. Take out a ransomware crew, and you prevent all their crimes for the next years, as long as you keep them offline; get the encryption keys, and you've undone every ransom demand still standing. Just busting them in a way that their are either denied bail or have conditions placed on them so they cannot use any computing device, and you've taken them offline (and sufficient monitoring will probably jail them soon when they go back online under bail conditions.

Definitely agree that successfully prosecute is harder than ID perps...

[nradov]

You're dreaming. Most ransomware gangs operate offshore in countries that don't cooperate with our law enforcement or extradite suspects.

[toss1]

Sure, big ransomware gangs are likely overseas.

But you don't think there's enough scammers based in the US/Canada/EU to chase? Back to the Zelle scams as we started with, and an awful lot of scams that require cash mules, seem pretty trackable if someone puts in the effort, especially when people can drop the evidence at their doorstep.

[kube-system]

Yes, there are. But none that would be addressable in any reasonable way by your above-hypothesized team of 10 cybersecurity experts. Any significant wire fraud operations are going to interesting to the FBI and something that is in their jurisdiction anyway.

What’s left would be cases like “I bought this iPhone off eBay and got mailed a brick”. If it was taking your team any longer than literally 10 minutes per successful recovery on average, you’d be better off just using that taxpayer money to reimburse victims directly. It just doesn’t make sense to throw 250/hr labor at a $500 problem.

[luckylion]

The guy who mails out bricks instead of iPhones probably does that every day, so if you stop him, you're not just solving a $500 problem, you're solving a $500 a day problem, which is a $180k/year problem.